ben851 commented 3 months ago

Summary | Résumé

This contains all of the changes for production DNS migration.

Related Issues | Cartes liées

https://app.zenhub.com/workspaces/notify-planning-core-6411dfb7c95fb80014e0cab0/issues/gh/cds-snc/notification-planning-core/36

Test instructions | Instructions pour tester la modification

TF Apply works Smoke test staging

Release Instructions | Instructions pour le déploiement

None.

Reviewer checklist | Liste de vérification du réviseur

[ ] This PR does not break existing functionality.
[ ] This PR does not violate GCNotify's privacy policies.
[ ] This PR does not raise new security concerns. Refer to our GC Notify Risk Register document on our Google drive.
[ ] This PR does not significantly alter performance.
[ ] Additional required documentation resulting of these changes is covered (such as the README, setup instructions, a related ADR or the technical documentation).

⚠ If boxes cannot be checked off before merging the PR, they should be moved to the "Release Instructions" section with appropriate steps required to verify before release. For example, changes to celery code may require tests on staging to verify that performance has not been affected.

github-actions[bot] commented 3 months ago

Staging: newrelic

✅ Terraform Init: success ✅ Terraform Validate: success ✅ Terraform Format: success ✅ Terraform Plan: success

Plan: 0 to add, 1 to change, 0 to destroy

Show summary

| CHANGE | NAME | |--------|-----------------------------------------------| | update | `newrelic_workflow.terraform_notify_workflow` |

Show plan

```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # newrelic_workflow.terraform_notify_workflow will be updated in-place ~ resource "newrelic_workflow" "terraform_notify_workflow" { id = "29b5ae0e-6918-4d87-84c6-71ce34368fad" name = "Notify Workflow - staging" # (7 unchanged attributes hidden) - destination { - channel_id = "3a5ec568-369c-481c-bd49-598f5d394008" -> null - name = "Terraform Notify Slack Channel - staging" -> null - notification_triggers = [ - "ACKNOWLEDGED", - "ACTIVATED", - "CLOSED", ] -> null - type = "SLACK_LEGACY" -> null } + destination { + channel_id = "3a5ec568-369c-481c-bd49-598f5d394008" + name = (known after apply) + notification_triggers = (known after apply) + type = (known after apply) } # (1 unchanged block hidden) } Plan: 0 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

github-actions[bot] commented 3 months ago

Staging: heartbeat

✅ Terraform Init: success ✅ Terraform Validate: success ✅ Terraform Format: success ✅ Terraform Plan: success ✅ Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy

Show summary

| CHANGE | NAME | |--------|---------------------------------------------| | update | `module.heartbeat.aws_lambda_function.this` |

Show plan

```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.heartbeat.aws_lambda_function.this will be updated in-place ~ resource "aws_lambda_function" "this" { - description = "2024-07-18T20:04:55Z" -> null id = "heartbeat" tags = { "CostCentre" = "notification-canada-ca-staging" "Terraform" = "true" } # (20 unchanged attributes hidden) # (4 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.heartbeat_testing[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.heartbeat_log_group[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.logs-1-500-error-1-minute-warning-heartbeat-api[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.logs-10-500-error-5-minutes-critical-heartbeat-api[0]"] 23 tests, 19 passed, 4 warnings, 0 failures, 0 exceptions ```

github-actions[bot] commented 3 months ago

Staging: dns

✅ Terraform Init: success ✅ Terraform Validate: success ✅ Terraform Format: success ✅ Terraform Plan: success ✅ Conftest: success

⚠️ Warning: resources will be destroyed by this change!

Plan: 9 to add, 0 to change, 9 to destroy

Show summary

| CHANGE | NAME | |----------|---------------------------------------------------------------| | recreate | `aws_route53_record.bounce-custom-notification-sandbox-MX[0]` | | | `aws_route53_record.bounce-notification-sandbox-MX[0]` | | | `aws_route53_record.bounce-notification-sandbox-TXT[0]` | | | `aws_route53_record.custom-domain-aws-ses-sandbox-TXT[0]` | | | `aws_route53_record.custom-domain-ses-sandbox-TXT[0]` | | | `aws_route53_record.dmarc-notification-sandbox-TXT[0]` | | | `aws_route53_record.notification-sandbox-MX[0]` | | | `aws_route53_record.notification-sandbox-TXT[0]` | | | `aws_route53_record.ses-notification-sandbox-TXT[0]` |

Show plan

```terraform Resource actions are indicated with the following symbols: -/+ destroy and then create replacement Terraform will perform the following actions: # aws_route53_record.bounce-custom-notification-sandbox-MX[0] must be replaced -/+ resource "aws_route53_record" "bounce-custom-notification-sandbox-MX" { + allow_overwrite = (known after apply) ~ fqdn = "bounce.custom-sending-domain.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_bounce.custom-sending-domain.staging.notification.cdssandbox.xyz_MX" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "bounce.custom-sending-domain.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.bounce-notification-sandbox-MX[0] must be replaced -/+ resource "aws_route53_record" "bounce-notification-sandbox-MX" { + allow_overwrite = (known after apply) ~ fqdn = "bounce.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_bounce.staging.notification.cdssandbox.xyz_MX" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "bounce.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.bounce-notification-sandbox-TXT[0] must be replaced -/+ resource "aws_route53_record" "bounce-notification-sandbox-TXT" { + allow_overwrite = (known after apply) ~ fqdn = "bounce.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_bounce.staging.notification.cdssandbox.xyz_TXT" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "bounce.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.custom-domain-aws-ses-sandbox-TXT[0] must be replaced -/+ resource "aws_route53_record" "custom-domain-aws-ses-sandbox-TXT" { + allow_overwrite = (known after apply) ~ fqdn = "_amazonses.custom-sending-domain.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__amazonses.custom-sending-domain.staging.notification.cdssandbox.xyz_TXT" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_amazonses.custom-sending-domain.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.custom-domain-ses-sandbox-TXT[0] must be replaced -/+ resource "aws_route53_record" "custom-domain-ses-sandbox-TXT" { + allow_overwrite = (known after apply) ~ fqdn = "custom-sending-domain.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_custom-sending-domain.staging.notification.cdssandbox.xyz_TXT" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "custom-sending-domain.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.dmarc-notification-sandbox-TXT[0] must be replaced -/+ resource "aws_route53_record" "dmarc-notification-sandbox-TXT" { + allow_overwrite = (known after apply) ~ fqdn = "_dmarc.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__dmarc.staging.notification.cdssandbox.xyz_TXT" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_dmarc.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.notification-sandbox-MX[0] must be replaced -/+ resource "aws_route53_record" "notification-sandbox-MX" { + allow_overwrite = (known after apply) ~ fqdn = "staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_staging.notification.cdssandbox.xyz_MX" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.notification-sandbox-TXT[0] must be replaced -/+ resource "aws_route53_record" "notification-sandbox-TXT" { + allow_overwrite = (known after apply) ~ fqdn = "staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_staging.notification.cdssandbox.xyz_TXT" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.ses-notification-sandbox-TXT[0] must be replaced -/+ resource "aws_route53_record" "ses-notification-sandbox-TXT" { + allow_overwrite = (known after apply) ~ fqdn = "_amazonses.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__amazonses.staging.notification.cdssandbox.xyz_TXT" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_amazonses.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } Plan: 9 to add, 0 to change, 9 to destroy. Changes to Outputs: + route53_zone_id = "Z04028033PLSHVOO9ZJ1Z" - staging_route_53_zone_arn = "Z04028033PLSHVOO9ZJ1Z" -> null ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.internal_dns"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.dev_dns_manager[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.production_dns_manager[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.sandbox_dns_manager[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.scratch_dns_manager[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.staging_dns_manager[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.internal_dns"] WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.notification-sandbox[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.internal_dns_cert_base64"] WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.internal_dns_fqdn"] WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.internal_dns_key_base64"] 30 tests, 19 passed, 11 warnings, 0 failures, 0 exceptions ```

github-actions[bot] commented 3 months ago

Staging: system_status

✅ Terraform Init: success ✅ Terraform Validate: success ✅ Terraform Format: success ✅ Terraform Plan: success ✅ Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy

Show summary

| CHANGE | NAME | |--------|-------------------------------------------------| | update | `module.system_status.aws_lambda_function.this` |

Show plan

```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.system_status.aws_lambda_function.this will be updated in-place ~ resource "aws_lambda_function" "this" { - description = "2024-07-18T20:05:03Z" -> null id = "system_status" tags = { "CostCentre" = "notification-canada-ca-staging" "Terraform" = "true" } # (21 unchanged attributes hidden) # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.system_status_testing[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.system_status_log_group[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.logs-1-500-error-1-minute-warning-system_status-api[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.logs-10-500-error-5-minutes-critical-system_status-api[0]"] 23 tests, 19 passed, 4 warnings, 0 failures, 0 exceptions ```

github-actions[bot] commented 3 months ago

Staging: ses_validation_dns_entries

✅ Terraform Init: success ✅ Terraform Validate: success ✅ Terraform Format: success ✅ Terraform Plan: success ✅ Conftest: success

⚠️ Warning: resources will be destroyed by this change!

Plan: 9 to add, 0 to change, 9 to destroy

Show summary

| CHANGE | NAME | |----------|--------------------------------------------------------------------------------------------------------------------------------------------------| | recreate | `aws_route53_record.notification_canada_ca_dkim_record["m2raeckpszs5h6xfta55h6g6oqilfsdc"]` | | | `aws_route53_record.notification_canada_ca_dkim_record["njevscghzshjlnp537wl47birs6fqwb6"]` | | | `aws_route53_record.notification_canada_ca_dkim_record["pdwp5bpdniz7y4bxnzbt7xasc6fckptw"]` | | | `aws_route53_record.notification_canada_ca_receiving_dkim_record["24r7lbzb7spnkryfm7m4qovy4blgvuf2"]` | | | `aws_route53_record.notification_canada_ca_receiving_dkim_record["tgwhvv4xwphbfvz7kvjtgwr7rgghpcxy"]` | | | `aws_route53_record.notification_canada_ca_receiving_dkim_record["tsvsmtkqb2eu3kyzgwrfss6m5bolgt27"]` | | | `aws_route53_record.ses_custom_domain_dkim_record["custom-sending-domain.staging.notification.cdssandbox.xyz.eitid6uybyc5eiasoxvj64yeaybtkmqi"]` | | | `aws_route53_record.ses_custom_domain_dkim_record["custom-sending-domain.staging.notification.cdssandbox.xyz.yof4o2jpi3ga3sr5p2tmbcuykpjvwdal"]` | | | `aws_route53_record.ses_custom_domain_dkim_record["custom-sending-domain.staging.notification.cdssandbox.xyz.zvn2cunenmbqynpgsi4f6vz2d3tul4yn"]` |

Show plan

```terraform Resource actions are indicated with the following symbols: -/+ destroy and then create replacement Terraform will perform the following actions: # aws_route53_record.notification_canada_ca_dkim_record["m2raeckpszs5h6xfta55h6g6oqilfsdc"] must be replaced -/+ resource "aws_route53_record" "notification_canada_ca_dkim_record" { ~ fqdn = "m2raeckpszs5h6xfta55h6g6oqilfsdc._domainkey.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_m2raeckpszs5h6xfta55h6g6oqilfsdc._domainkey.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "m2raeckpszs5h6xfta55h6g6oqilfsdc._domainkey.staging.notification.cdssandbox.xyz" ~ ttl = 600 -> 300 ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.notification_canada_ca_dkim_record["njevscghzshjlnp537wl47birs6fqwb6"] must be replaced -/+ resource "aws_route53_record" "notification_canada_ca_dkim_record" { ~ fqdn = "njevscghzshjlnp537wl47birs6fqwb6._domainkey.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_njevscghzshjlnp537wl47birs6fqwb6._domainkey.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "njevscghzshjlnp537wl47birs6fqwb6._domainkey.staging.notification.cdssandbox.xyz" ~ ttl = 600 -> 300 ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.notification_canada_ca_dkim_record["pdwp5bpdniz7y4bxnzbt7xasc6fckptw"] must be replaced -/+ resource "aws_route53_record" "notification_canada_ca_dkim_record" { ~ fqdn = "pdwp5bpdniz7y4bxnzbt7xasc6fckptw._domainkey.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_pdwp5bpdniz7y4bxnzbt7xasc6fckptw._domainkey.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "pdwp5bpdniz7y4bxnzbt7xasc6fckptw._domainkey.staging.notification.cdssandbox.xyz" ~ ttl = 600 -> 300 ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.notification_canada_ca_receiving_dkim_record["24r7lbzb7spnkryfm7m4qovy4blgvuf2"] must be replaced -/+ resource "aws_route53_record" "notification_canada_ca_receiving_dkim_record" { ~ fqdn = "24r7lbzb7spnkryfm7m4qovy4blgvuf2._domainkey.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_24r7lbzb7spnkryfm7m4qovy4blgvuf2._domainkey.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "24r7lbzb7spnkryfm7m4qovy4blgvuf2._domainkey.staging.notification.cdssandbox.xyz" ~ ttl = 600 -> 300 ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.notification_canada_ca_receiving_dkim_record["tgwhvv4xwphbfvz7kvjtgwr7rgghpcxy"] must be replaced -/+ resource "aws_route53_record" "notification_canada_ca_receiving_dkim_record" { ~ fqdn = "tgwhvv4xwphbfvz7kvjtgwr7rgghpcxy._domainkey.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_tgwhvv4xwphbfvz7kvjtgwr7rgghpcxy._domainkey.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "tgwhvv4xwphbfvz7kvjtgwr7rgghpcxy._domainkey.staging.notification.cdssandbox.xyz" ~ ttl = 600 -> 300 ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.notification_canada_ca_receiving_dkim_record["tsvsmtkqb2eu3kyzgwrfss6m5bolgt27"] must be replaced -/+ resource "aws_route53_record" "notification_canada_ca_receiving_dkim_record" { ~ fqdn = "tsvsmtkqb2eu3kyzgwrfss6m5bolgt27._domainkey.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_tsvsmtkqb2eu3kyzgwrfss6m5bolgt27._domainkey.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "tsvsmtkqb2eu3kyzgwrfss6m5bolgt27._domainkey.staging.notification.cdssandbox.xyz" ~ ttl = 600 -> 300 ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.ses_custom_domain_dkim_record["custom-sending-domain.staging.notification.cdssandbox.xyz.eitid6uybyc5eiasoxvj64yeaybtkmqi"] must be replaced -/+ resource "aws_route53_record" "ses_custom_domain_dkim_record" { ~ fqdn = "eitid6uybyc5eiasoxvj64yeaybtkmqi._domainkey.custom-sending-domain.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_eitid6uybyc5eiasoxvj64yeaybtkmqi._domainkey.custom-sending-domain.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "eitid6uybyc5eiasoxvj64yeaybtkmqi._domainkey.custom-sending-domain.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (4 unchanged attributes hidden) } # aws_route53_record.ses_custom_domain_dkim_record["custom-sending-domain.staging.notification.cdssandbox.xyz.yof4o2jpi3ga3sr5p2tmbcuykpjvwdal"] must be replaced -/+ resource "aws_route53_record" "ses_custom_domain_dkim_record" { ~ fqdn = "yof4o2jpi3ga3sr5p2tmbcuykpjvwdal._domainkey.custom-sending-domain.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_yof4o2jpi3ga3sr5p2tmbcuykpjvwdal._domainkey.custom-sending-domain.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "yof4o2jpi3ga3sr5p2tmbcuykpjvwdal._domainkey.custom-sending-domain.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (4 unchanged attributes hidden) } # aws_route53_record.ses_custom_domain_dkim_record["custom-sending-domain.staging.notification.cdssandbox.xyz.zvn2cunenmbqynpgsi4f6vz2d3tul4yn"] must be replaced -/+ resource "aws_route53_record" "ses_custom_domain_dkim_record" { ~ fqdn = "zvn2cunenmbqynpgsi4f6vz2d3tul4yn._domainkey.custom-sending-domain.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_zvn2cunenmbqynpgsi4f6vz2d3tul4yn._domainkey.custom-sending-domain.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "zvn2cunenmbqynpgsi4f6vz2d3tul4yn._domainkey.custom-sending-domain.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (4 unchanged attributes hidden) } Plan: 9 to add, 0 to change, 9 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh 20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions ```

github-actions[bot] commented 3 months ago

Staging: eks

✅ Terraform Init: success ✅ Terraform Validate: success ✅ Terraform Format: success ✅ Terraform Plan: success ✅ Conftest: success

⚠️ Warning: resources will be destroyed by this change!

Plan: 23 to add, 0 to change, 23 to destroy

Show summary

| CHANGE | NAME | |----------|---------------------------------------------------------------------------------------------------------| | recreate | `aws_acm_certificate_validation.notification-canada-ca[0]` | | | `aws_acm_certificate_validation.notification-canada-ca-alt[0]` | | | `aws_route53_record.api-document-notification-canada-ca-cname` | | | `aws_route53_record.api-k8s-scratch-notification-CNAME` | | | `aws_route53_record.api-weighted-0-scratch-notification-A` | | | `aws_route53_record.doc-notification-canada-ca-cname` | | | `aws_route53_record.document-notification-canada-ca-cname` | | | `aws_route53_record.documentation-notification-canada-ca-cname` | | | `aws_route53_record.notificatio-root-WC` | | | `aws_route53_record.notification-alt-root[0]` | | | `aws_route53_record.notification-alt-root-WC[0]` | | | `aws_route53_record.notification-canada-ca["*.api.staging.notification.cdssandbox.xyz"]` | | | `aws_route53_record.notification-canada-ca["*.document.staging.notification.cdssandbox.xyz"]` | | | `aws_route53_record.notification-canada-ca["*.staging.notification.cdssandbox.xyz"]` | | | `aws_route53_record.notification-canada-ca["api.staging.notification.cdssandbox.xyz"]` | | | `aws_route53_record.notification-canada-ca["staging.notification.cdssandbox.xyz"]` | | | `aws_route53_record.notification-canada-ca-alt["*.api.staging.alpha.notification.cdssandbox.xyz"]` | | | `aws_route53_record.notification-canada-ca-alt["*.document.staging.alpha.notification.cdssandbox.xyz"]` | | | `aws_route53_record.notification-canada-ca-alt["*.staging.alpha.notification.cdssandbox.xyz"]` | | | `aws_route53_record.notification-canada-ca-alt["api.staging.alpha.notification.cdssandbox.xyz"]` | | | `aws_route53_record.notification-canada-ca-alt["staging.alpha.notification.cdssandbox.xyz"]` | | | `aws_route53_record.notification-root` | | | `aws_route53_record.notification-www-root` |

Show plan

```terraform Resource actions are indicated with the following symbols: -/+ destroy and then create replacement Terraform will perform the following actions: # aws_acm_certificate_validation.notification-canada-ca[0] must be replaced -/+ resource "aws_acm_certificate_validation" "notification-canada-ca" { ~ id = "2023-02-22 00:24:48.975 +0000 UTC" -> (known after apply) ~ validation_record_fqdns = [ # forces replacement - "_27cafbad13da9d68d8adaa666739eb99.api.staging.notification.cdssandbox.xyz", - "_5bc41be686a84b97346535d7c4d2fe4e.staging.notification.cdssandbox.xyz", - "_b4c1dfe3fa5ef9427b62475bf31154f3.document.staging.notification.cdssandbox.xyz", ] -> (known after apply) # forces replacement # (1 unchanged attribute hidden) } # aws_acm_certificate_validation.notification-canada-ca-alt[0] must be replaced -/+ resource "aws_acm_certificate_validation" "notification-canada-ca-alt" { ~ id = "2023-05-16 18:43:16.158 +0000 UTC" -> (known after apply) ~ validation_record_fqdns = [ # forces replacement - "_62f20d544effcb240b05173b55003507.staging.alpha.notification.cdssandbox.xyz", - "_70320bb25a26bdbcb62b272ddda9cf60.api.staging.alpha.notification.cdssandbox.xyz", - "_bab9db842fa4f7378eb182a2d90a3d1c.document.staging.alpha.notification.cdssandbox.xyz", ] -> (known after apply) # forces replacement # (1 unchanged attribute hidden) } # aws_route53_record.api-document-notification-canada-ca-cname must be replaced -/+ resource "aws_route53_record" "api-document-notification-canada-ca-cname" { + allow_overwrite = (known after apply) ~ fqdn = "api.document.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_api.document.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "api.document.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.api-k8s-scratch-notification-CNAME must be replaced -/+ resource "aws_route53_record" "api-k8s-scratch-notification-CNAME" { + allow_overwrite = (known after apply) ~ fqdn = "api-k8s.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_api-k8s.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "api-k8s.staging.notification.cdssandbox.xyz" ~ ttl = 60 -> 300 ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (2 unchanged attributes hidden) } # aws_route53_record.api-weighted-0-scratch-notification-A must be replaced -/+ resource "aws_route53_record" "api-weighted-0-scratch-notification-A" { + allow_overwrite = (known after apply) ~ fqdn = "api.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_api.staging.notification.cdssandbox.xyz_A_loadbalancer" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "api.staging.notification.cdssandbox.xyz" - records = [] -> null - ttl = 0 -> null ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (2 unchanged attributes hidden) ~ alias { ~ evaluate_target_health = false -> true name = "notification-staging-alb-1878361959.ca-central-1.elb.amazonaws.com" # (1 unchanged attribute hidden) } # (1 unchanged block hidden) } # aws_route53_record.doc-notification-canada-ca-cname must be replaced -/+ resource "aws_route53_record" "doc-notification-canada-ca-cname" { + allow_overwrite = (known after apply) ~ fqdn = "doc.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_doc.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "doc.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.document-notification-canada-ca-cname must be replaced -/+ resource "aws_route53_record" "document-notification-canada-ca-cname" { + allow_overwrite = (known after apply) ~ fqdn = "document.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_document.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "document.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.documentation-notification-canada-ca-cname must be replaced -/+ resource "aws_route53_record" "documentation-notification-canada-ca-cname" { + allow_overwrite = (known after apply) ~ fqdn = "documentation.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_documentation.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "documentation.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } # aws_route53_record.notificatio-root-WC must be replaced -/+ resource "aws_route53_record" "notificatio-root-WC" { + allow_overwrite = (known after apply) ~ fqdn = "*.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_*.staging.notification.cdssandbox.xyz_A" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "*.staging.notification.cdssandbox.xyz" - records = [] -> null - ttl = 0 -> null ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (1 unchanged attribute hidden) # (1 unchanged block hidden) } # aws_route53_record.notification-alt-root[0] must be replaced -/+ resource "aws_route53_record" "notification-alt-root" { + allow_overwrite = (known after apply) ~ fqdn = "staging.alpha.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_staging.alpha.notification.cdssandbox.xyz_A" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "staging.alpha.notification.cdssandbox.xyz" - records = [] -> null - ttl = 0 -> null ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (1 unchanged attribute hidden) # (1 unchanged block hidden) } # aws_route53_record.notification-alt-root-WC[0] must be replaced -/+ resource "aws_route53_record" "notification-alt-root-WC" { + allow_overwrite = (known after apply) ~ fqdn = "*.staging.alpha.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_*.staging.alpha.notification.cdssandbox.xyz_A" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "*.staging.alpha.notification.cdssandbox.xyz" - records = [] -> null - ttl = 0 -> null ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (1 unchanged attribute hidden) # (1 unchanged block hidden) } # aws_route53_record.notification-canada-ca["*.api.staging.notification.cdssandbox.xyz"] must be replaced -/+ resource "aws_route53_record" "notification-canada-ca" { ~ allow_overwrite = true -> false ~ fqdn = "_27cafbad13da9d68d8adaa666739eb99.api.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__27cafbad13da9d68d8adaa666739eb99.api.staging.notification.cdssandbox.xyz._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_27cafbad13da9d68d8adaa666739eb99.api.staging.notification.cdssandbox.xyz" ~ ttl = 60 -> 300 ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (2 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca["*.document.staging.notification.cdssandbox.xyz"] must be replaced -/+ resource "aws_route53_record" "notification-canada-ca" { ~ allow_overwrite = true -> false ~ fqdn = "_b4c1dfe3fa5ef9427b62475bf31154f3.document.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__b4c1dfe3fa5ef9427b62475bf31154f3.document.staging.notification.cdssandbox.xyz._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_b4c1dfe3fa5ef9427b62475bf31154f3.document.staging.notification.cdssandbox.xyz" ~ ttl = 60 -> 300 ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (2 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca["*.staging.notification.cdssandbox.xyz"] must be replaced -/+ resource "aws_route53_record" "notification-canada-ca" { ~ allow_overwrite = true -> false ~ fqdn = "_5bc41be686a84b97346535d7c4d2fe4e.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__5bc41be686a84b97346535d7c4d2fe4e.staging.notification.cdssandbox.xyz._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_5bc41be686a84b97346535d7c4d2fe4e.staging.notification.cdssandbox.xyz" ~ ttl = 60 -> 300 ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (2 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca["api.staging.notification.cdssandbox.xyz"] must be replaced -/+ resource "aws_route53_record" "notification-canada-ca" { ~ allow_overwrite = true -> false ~ fqdn = "_27cafbad13da9d68d8adaa666739eb99.api.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__27cafbad13da9d68d8adaa666739eb99.api.staging.notification.cdssandbox.xyz._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_27cafbad13da9d68d8adaa666739eb99.api.staging.notification.cdssandbox.xyz" ~ ttl = 60 -> 300 ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (2 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca["staging.notification.cdssandbox.xyz"] must be replaced -/+ resource "aws_route53_record" "notification-canada-ca" { ~ allow_overwrite = true -> false ~ fqdn = "_5bc41be686a84b97346535d7c4d2fe4e.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__5bc41be686a84b97346535d7c4d2fe4e.staging.notification.cdssandbox.xyz._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_5bc41be686a84b97346535d7c4d2fe4e.staging.notification.cdssandbox.xyz" ~ ttl = 60 -> 300 ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (2 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca-alt["*.api.staging.alpha.notification.cdssandbox.xyz"] must be replaced -/+ resource "aws_route53_record" "notification-canada-ca-alt" { ~ fqdn = "_70320bb25a26bdbcb62b272ddda9cf60.api.staging.alpha.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__70320bb25a26bdbcb62b272ddda9cf60.api.staging.alpha.notification.cdssandbox.xyz._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_70320bb25a26bdbcb62b272ddda9cf60.api.staging.alpha.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (4 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca-alt["*.document.staging.alpha.notification.cdssandbox.xyz"] must be replaced -/+ resource "aws_route53_record" "notification-canada-ca-alt" { ~ fqdn = "_bab9db842fa4f7378eb182a2d90a3d1c.document.staging.alpha.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__bab9db842fa4f7378eb182a2d90a3d1c.document.staging.alpha.notification.cdssandbox.xyz._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_bab9db842fa4f7378eb182a2d90a3d1c.document.staging.alpha.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (4 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca-alt["*.staging.alpha.notification.cdssandbox.xyz"] must be replaced -/+ resource "aws_route53_record" "notification-canada-ca-alt" { ~ fqdn = "_62f20d544effcb240b05173b55003507.staging.alpha.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__62f20d544effcb240b05173b55003507.staging.alpha.notification.cdssandbox.xyz._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_62f20d544effcb240b05173b55003507.staging.alpha.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (4 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca-alt["api.staging.alpha.notification.cdssandbox.xyz"] must be replaced -/+ resource "aws_route53_record" "notification-canada-ca-alt" { ~ fqdn = "_70320bb25a26bdbcb62b272ddda9cf60.api.staging.alpha.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__70320bb25a26bdbcb62b272ddda9cf60.api.staging.alpha.notification.cdssandbox.xyz._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_70320bb25a26bdbcb62b272ddda9cf60.api.staging.alpha.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (4 unchanged attributes hidden) } # aws_route53_record.notification-canada-ca-alt["staging.alpha.notification.cdssandbox.xyz"] must be replaced -/+ resource "aws_route53_record" "notification-canada-ca-alt" { ~ fqdn = "_62f20d544effcb240b05173b55003507.staging.alpha.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z__62f20d544effcb240b05173b55003507.staging.alpha.notification.cdssandbox.xyz._CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "_62f20d544effcb240b05173b55003507.staging.alpha.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (4 unchanged attributes hidden) } # aws_route53_record.notification-root must be replaced -/+ resource "aws_route53_record" "notification-root" { + allow_overwrite = (known after apply) ~ fqdn = "staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_staging.notification.cdssandbox.xyz_A" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "staging.notification.cdssandbox.xyz" - records = [] -> null - ttl = 0 -> null ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (1 unchanged attribute hidden) # (1 unchanged block hidden) } # aws_route53_record.notification-www-root must be replaced -/+ resource "aws_route53_record" "notification-www-root" { + allow_overwrite = (known after apply) ~ fqdn = "www.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_www.staging.notification.cdssandbox.xyz_CNAME" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "www.staging.notification.cdssandbox.xyz" ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (3 unchanged attributes hidden) } Plan: 23 to add, 0 to change, 23 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.client_vpn"] WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.notification-canada-ca"] WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.notification-canada-ca-alt[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_alb.notification-canada-ca"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_listener.internal_alb_tls"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_listener.notification-canada-ca"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.internal_nginx_http"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-admin"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-api"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-document"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-document-api"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-documentation"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notification-canada-ca-eks-cluster-logs[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-evicted-pods[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-pods-high-cpu-warning[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-pods-high-memory-warning[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-replicas-unavailable[0]"] WARN - plan.json - main - Missing Common Tags:... ```

github-actions[bot] commented 3 months ago

Staging: quicksight

✅ Terraform Init: success ✅ Terraform Validate: success ✅ Terraform Format: success ✅ Terraform Plan: success ✅ Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy

Show summary

| CHANGE | NAME | |--------|-------------------------------| | update | `aws_s3_object.manifest_file` |

Show plan

```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # aws_s3_object.manifest_file will be updated in-place ~ resource "aws_s3_object" "manifest_file" { ~ etag = "4f558e8d8cdbbf914a95755cbda61968" -> "221f592f333f2fc284626cfdb8c4bc80" id = "quicksight/s3-manifest-sms-usage.json" tags = {} + version_id = (known after apply) # (11 unchanged attributes hidden) } Plan: 0 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh WARN - plan.json - main - Missing Common Tags: ["aws_cloudformation_stack.sms-usage-notifications"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.quicksight-rds"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.quicksight-s3-usage"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.quicksight_vpc_connection_ec2"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.quicksight_vpc_connection_iam"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.quicksight"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.vpc_connection_role"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.jobs"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.login_events"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.notifications"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.organisation"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.services"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.sms_usage"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.templates"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.users"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_source.rds"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_source.s3_sms_usage"] WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_vpc_connection.rds"] WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.manifest_file"] 38 tests, 19 passed, 19 warnings, 0 failures, 0 exceptions ```

github-actions[bot] commented 3 months ago

Staging: system_status

✅ Terraform Init: success ✅ Terraform Validate: success ✅ Terraform Format: success ✅ Terraform Plan: success ✅ Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy

Show summary

| CHANGE | NAME | |--------|-------------------------------------------------| | update | `module.system_status.aws_lambda_function.this` |

Show plan

```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.system_status.aws_lambda_function.this will be updated in-place ~ resource "aws_lambda_function" "this" { - description = "2024-07-18T20:05:03Z" -> null id = "system_status" tags = { "CostCentre" = "notification-canada-ca-staging" "Terraform" = "true" } # (21 unchanged attributes hidden) # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.system_status_testing[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.system_status_log_group[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.logs-1-500-error-1-minute-warning-system_status-api[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.logs-10-500-error-5-minutes-critical-system_status-api[0]"] 23 tests, 19 passed, 4 warnings, 0 failures, 0 exceptions ```

github-actions[bot] commented 3 months ago

Staging: lambda-api

✅ Terraform Init: success ✅ Terraform Validate: success ✅ Terraform Format: success ✅ Terraform Plan: success ✅ Conftest: success

⚠️ Warning: resources will be destroyed by this change!

Plan: 3 to add, 0 to change, 3 to destroy

Show summary

| CHANGE | NAME | |----------|------------------------------------------------------| | recreate | `aws_route53_record.api-lambda-notification-A` | | | `aws_route53_record.api-notification-alt-A[0]` | | | `aws_route53_record.api-weighted-100-notification-A` |

Show plan

```terraform Resource actions are indicated with the following symbols: -/+ destroy and then create replacement Terraform will perform the following actions: # aws_route53_record.api-lambda-notification-A must be replaced -/+ resource "aws_route53_record" "api-lambda-notification-A" { + allow_overwrite = (known after apply) ~ fqdn = "api-lambda.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_api-lambda.staging.notification.cdssandbox.xyz_A" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "api-lambda.staging.notification.cdssandbox.xyz" - records = [] -> null - ttl = 0 -> null ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (1 unchanged attribute hidden) # (1 unchanged block hidden) } # aws_route53_record.api-notification-alt-A[0] must be replaced -/+ resource "aws_route53_record" "api-notification-alt-A" { + allow_overwrite = (known after apply) ~ fqdn = "api.staging.alpha.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_api.staging.alpha.notification.cdssandbox.xyz_A" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "api.staging.alpha.notification.cdssandbox.xyz" - records = [] -> null - ttl = 0 -> null ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (1 unchanged attribute hidden) # (1 unchanged block hidden) } # aws_route53_record.api-weighted-100-notification-A must be replaced -/+ resource "aws_route53_record" "api-weighted-100-notification-A" { + allow_overwrite = (known after apply) ~ fqdn = "api.staging.notification.cdssandbox.xyz" -> (known after apply) ~ id = "Z04028033PLSHVOO9ZJ1Z_api.staging.notification.cdssandbox.xyz_A_lambda" -> (known after apply) - multivalue_answer_routing_policy = false -> null name = "api.staging.notification.cdssandbox.xyz" - records = [] -> null - ttl = 0 -> null ~ zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" -> "Z04028033PLSHVOO9ZJ1Z" # forces replacement # (2 unchanged attributes hidden) # (2 unchanged blocks hidden) } Plan: 3 to add, 0 to change, 3 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_domain_name.alt_api_lambda"] WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_domain_name.api"] WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_domain_name.api_lambda"] WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_rest_api.api"] WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_stage.api"] WARN - plan.json - main - Missing Common Tags: ["aws_appautoscaling_target.api"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.api_gateway_log_group"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.api_lambda_log_group[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.failed-login-count-5-minute-warning[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.logs-1-error-1-minute-warning-lambda-api[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.logs-1-error-1-minute-warning-salesforce-api[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.logs-10-error-5-minutes-critical-lambda-api[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.api"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.ecr"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.api"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.api_cloudwatch[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_user.ecr-user"] WARN - plan.json - main - Missing Common Tags: ["aws_kinesis_firehose_delivery_stream.firehose-api-lambda-waf-logs"] WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.api"] WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.new-relic-license-key"] WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_web_acl.api_lambda"] WARN - plan.json - main - Missing Common Tags:... ```

cds-snc / notification-terraform

Prod dns migration #1447

Summary | Résumé

Related Issues | Cartes liées

Test instructions | Instructions pour tester la modification

Release Instructions | Instructions pour le déploiement

Reviewer checklist | Liste de vérification du réviseur

Staging: newrelic

Staging: heartbeat

Staging: dns

Staging: system_status

Staging: ses_validation_dns_entries

Staging: eks

Staging: quicksight

Staging: system_status

Staging: lambda-api